This appendix contains reference information that you will need when developing applications for LDAP directories based on the User and Role APIs.
Note:
IBM Tivoli directory parameters are the same as those specified for OpenLDAP. Microsoft ADAM parameters are the same as those specified for Microsoft Active Directory.
Table D-1 lists each user attribute in UserProfile.property and its corresponding attribute in the different directory servers.
Table D-1 User Attributes in UserProfile.Property
| Attribute | Oracle Internet Directory | Oracle WebLogic Server Embedded LDAP | Microsoft Active Directory | Oracle Directory Server Enterprise Edition | Novell eDirectory | OpenLDAP | 
|---|---|---|---|---|---|---|
| GUID | orclguid | uid | objectguid | nsuniqueid | guid | entryuuid | 
| USER_ID | username (see Note below) | uid | uid | uid | uid | uid | 
| DISPLAY_NAME | displayname | displayname | displayname | displayname | displayname | displayname | 
| BUSINESS_EMAIL |  |  |  |  |  |  | 
| DESCRIPTION | description | description | description | description | description | description | 
| EMPLOYEE_TYPE | employeeType | employeeType | employeeType | employeeType | employeeType | employeeType | 
| DEPARTMENT | departmentnumber | departmentnumber | departmentnumber | departmentnumber | departmentnumber | departmentnumber | 
| DATE_OF_BIRTH | orcldateofbirth | - | - | - | - | - | 
| BUSINESS_FAX | facsimiletelephonenumber | facsimiletelephonenumber | facsimiletelephonenumber | facsimiletelephonenumber | facsimiletelephonenumber | facsimiletelephonenumber | 
| BUSINESS_CITY | l | l | l | l | l | l | 
| BUSINESS_COUNTRY | c | c | c | c | c | c | 
| DATE_OF_HIRE | orclhiredate | - | - | - | - | - | 
| NAME | cn | uid | cn | uid | cn | cn | 
| PREFERRED_LANGUAGE | preferredlanguage | preferredlanguage | preferredlanguage | preferredlanguage | preferredlanguage | preferredlanguage | 
| BUSINESS_POSTAL_ADDR | postaladdress | postaladdress | postaladdress | postaladdress | postaladdress | postaladdress | 
| MIDDLE_NAME | orclmiddlename | - | - | - | - | - | 
| ORGANIZATIONAL_UNIT | ou | ou | ou | ou | ou | ou | 
| WIRELESS_ACCT_NUMBER | orclwirelessaccountnumber | - | - | - | - | - | 
| BUSINESS_PO_BOX | postofficebox | postofficebox | postofficebox | postofficebox | postofficebox | postofficebox | 
| BUSINESS_STATE | st | st | st | st | st | st | 
| HOME_ADDRESS | homepostaladdress | homepostaladdress | homepostaladdress | homepostaladdress | homepostaladdress | homepostaladdress | 
| NAME_SUFFIX | generationqualifier | generationqualifier | generationqualifier | generationqualifier | generationqualifier | generationqualifier | 
| BUSINESS_STREET | street | street | street | street | street | street | 
| INITIALS | initials | initials | initials | initials | initials | initials | 
| USER_NAME | username (see Note below) | uid | samaccountname | uid | uid | uid | 
| BUSINESS_POSTAL_CODE | postalcode | postalcode | postalcode | postalcode | postalcode | postalcode | 
| BUSINESS_PAGER | pager | pager | pager | pager | pager | pager | 
| LAST_NAME | sn | sn | sn | sn | sn | sn | 
| BUSINESS_PHONE | telephonenumber | telephonenumber | telephonenumber | telephonenumber | telephonenumber | telephonenumber | 
| FIRST_NAME | givenname | givenname | givenname | givenname | givenname | givenname | 
| TIME_ZONE | orcltimezone | - | - | - | - | - | 
| MAIDEN_NAME | orclmaidenname | - | - | - | - | - | 
| PASSWORD | userpassword | userpassword | userpassword | userpassword | userpassword | userpassword | 
| DEFAULT_GROUP | orcldefaultprofilegroup | - | - | - | - | - | 
| ORGANIZATION | o | o | o | o | o | o | 
| HOME_PHONE | homephone | homephone | homephone | homephone | homephone | homephone | 
| BUSINESS_MOBILE | mobile | mobile | mobile | mobile | mobile | mobile | 
| UI_ACCESS_MODE | orcluiaccessibilitymode | - | - | - | - | - | 
| JPEG_PHOTO | jpegphoto | jpegphoto | jpegphoto | jpegphoto | jpegphoto | jpegphoto | 
| MANAGER | manager | manager | manager | manager | manager | manager | 
| TITLE | title | title | title | title | title | title | 
| EMPLOYEE_NUMBER | employeenumber | employeenumber | employeenumber | employeenumber | employeenumber | employeenumber | 
| LDUser.PASSWORD | userpassword | userpassword | userpassword | userpassword | userpassword | userpassword | 
Note:
username: typically uid, but technically the attribute designated by the orclCommonNicknameAttribute in the subscriber's oraclecontext products common entry.
Table D-2 lists each role attribute in UserProfile.property and its corresponding attribute in different directory servers.
Table D-2 Role Attribute Values in LDAP Directories
| Role Attribute | Oracle Internet Directory | Oracle WebLogic Server Embedded LDAP | Microsoft Active Directory | Oracle Directory Server Enterprise Edition | Novell eDirectory | OpenLDAP | 
|---|---|---|---|---|---|---|
| DISPLAY_NAME | displayname | - | displayname | displayname | displayname | displayname | 
| MANAGER | - | - | - | - | - | - | 
| NAME | cn | cn | cn | cn | cn | cn | 
| OWNER | owner | owner | - | owner | - | owner | 
| GUID | orclguid | cn | objectguid | nsuniqueid | guid | entryuuid | 
This section lists parameters for which the APIs can use default configuration values, and the source of the value in different directory servers.
Table D-3 lists the source for Oracle Internet Directory and Microsoft Active Directory.
Table D-3 Default Values - Oracle Internet Directory and Microsoft Active Directory
| Parameter | Oracle Internet Directory | Active Directory | 
|---|---|---|
| RT_USER_OBJECT_CLASSES | #config | {"user" } | 
| RT_USER_MANDATORY_ATTRS | #schema | #schema | 
| RT_USER_CREATE_BASES | #config | cn=users,<subscriberDN> | 
| RT_USER_SEARCH_BASES | #config | <subscriberDN> | 
| RT_USER_FILTER_OBJECT_CLASSES | #config | {"user"} | 
| RT_USER_SELECTED_CREATE_BASE | #config | cn=users,<subscriberDN> | 
| RT_GROUP_OBJECT_CLASSES | #config | {"group" } | 
| RT_GROUP_MANDATORY_ATTRS | #schema | #schema | 
| RT_GROUP_CREATE_BASES | #config | <subscriberDN> | 
| RT_GROUP_SEARCH_BASES | #config | <subscriberDN> | 
| RT_GROUP_FILTER_OBJECT_CLASSES | #config | {"group"} | 
| RT_GROUP_MEMBER_ATTRS | "uniquemember", "member" | "member" | 
| RT_GROUP_SELECTED_CREATE_BASE | #config | <subscriberDN> | 
| RT_GROUP_GENERIC_SEARCH_BASE | <subscriberDN> | <subscriberDN> | 
| RT_SEARCH_TYPE | #config | #config | 
| ST_SUBSCRIBER_NAME | #config | NULL | 
| ST_USER_NAME_ATTR | #config | cn | 
| ST_USER_LOGIN_ATTR | #config | samaccountname | 
| ST_GROUP_NAME_ATTR | #config | cn | 
| ST_MAX_SEARCHFILTER_LENGTH | 500 | 500 | 
| ST_BINARY_ATTRIBUTES | Choose a Binary Basic Attribute (BBA). See note below about BBAs. | Binary Basic Attribute (BBA) + {"objectguid", "unicodepwd"}. See note below about BBAs. | 
| ST_LOGGER_NAME | oracle.idm.userrole | oracle.idm.userrole | 
Notes:
The Basic Binary Attributes include: {"photo", "personalsignature", "audio", "jpegphoto", "javaserializeddata", "thumbnailphoto", "thumbnaillogo", "userpassword", "usercertificate", "cacertificate", "authorityrevocationlist", "certificaterevocationlist", "crosscertificatepair", "x500UniqueIdentifier"}
#config is extracted from the meta information present in the directory
#schema is extracted from the schema in the directory
Table D-4 lists the source for Oracle Directory Server Enterprise Edition and Novell eDirectory.
Table D-4 Default Values - Oracle Directory Server Enterprise Edition and Novell eDirectory
| Parameter | Oracle Directory Server Enterprise Edition | Novell eDirectory | 
|---|---|---|
| RT_USER_OBJECT_CLASSES | {"inetorgperson", "person", "organizationalperson" } | { "person", "inetorgperson", "organizationalPerson", "ndsloginproperties" } | 
| RT_USER_MANDATORY_ATTRS | #schema | #schema | 
| RT_USER_CREATE_BASES | ou=people,<subscriberDN> | ou=users,<subscriberDN> | 
| RT_USER_SEARCH_BASES | <subscriberDN> | <subscriberDN> | 
| RT_USER_FILTER_OBJECT_CLASSES | {"inetorgperson", "person", "organizationalperson" } | { "person", "inetorgperson", "organizationalPerson", "ndsloginproperties" } | 
| RT_USER_SELECTED_CREATE_BASE | ou=people,<subscriberDN> | ou=users,<subscriberDN> | 
| RT_GROUP_OBJECT_CLASSES | "groupofuniquenames" | {"group" } | 
| RT_GROUP_MANDATORY_ATTRS | #schema | #schema | 
| RT_GROUP_CREATE_BASES | ou=groups,<subscriberDN> | ou=groups,<subscriberDN> | 
| RT_GROUP_SEARCH_BASES | <subscriberDN> | <subscriberDN> | 
| RT_GROUP_FILTER_OBJECT_CLASSES | {"groupofuniquenames"} | {"group"} | 
| RT_GROUP_MEMBER_ATTRS | "uniquemember" | "member" | 
| RT_GROUP_SELECTED_CREATE_BASE | ou=groups,<subscriberDN> | ou=groups,<subscriberDN> | 
| RT_GROUP_GENERIC_SEARCH_BASE | <subscriberDN> | <subscriberDN> | 
| RT_SEARCH_TYPE | #config | #config | 
| ST_SUBSCRIBER_NAME | NULL | NULL | 
| ST_USER_NAME_ATTR | uid | cn | 
| ST_USER_LOGIN_ATTR | uid | cn | 
| ST_GROUP_NAME_ATTR | cn | cn | 
| ST_MAX_SEARCHFILTER_LENGTH | 500 | 500 | 
| ST_BINARY_ATTRIBUTES | Choose a Binary Basic Attribute (BBA). See note below about BBAs. | Binary Basic Attribute (BBA) + {"guid"}. See note below about BBAs. | 
| ST_LOGGER_NAME | oracle.idm.userrole | oracle.idm.userrole | 
Notes:
The Basic Binary Attributes include: {"photo", "personalsignature", "audio", "jpegphoto", "javaserializeddata", "thumbnailphoto", "thumbnaillogo", "userpassword", "usercertificate", "cacertificate", "authorityrevocationlist", "certificaterevocationlist", "crosscertificatepair", "x500UniqueIdentifier"}
#config is extracted from the meta information present in the directory
#schema is extracted from the schema in the directory
Table D-5 lists the parameters for OpenLDAP and Oracle Virtual Directory.
Table D-5 Default Values - OpenLDAP and Oracle Virtual Directory
| Parameter | OpenLDAP | Oracle Virtual Directory | 
|---|---|---|
| RT_USER_OBJECT_CLASSES | {"inetorgperson", "person", "organizationalperson" } | {"inetorgperson"} | 
| RT_USER_MANDATORY_ATTRS | #schema | #schema | 
| RT_USER_CREATE_BASES | ou=people,<subscriberDN> | <subscriberDN> | 
| RT_USER_SEARCH_BASES | <subscriberDN> | <subscriberDN> | 
| RT_USER_FILTER_OBJECT_CLASSES | {"inetorgperson", "person", "organizationalperson" } | {"inetorgperson"} | 
| RT_USER_SELECTED_CREATE_BASE | ou=people,<subscriberDN> | <subscriberDN> | 
| RT_GROUP_OBJECT_CLASSES | "groupofuniquenames" | {"groupofuniquenames"} | 
| RT_GROUP_MANDATORY_ATTRS | #schema | #schema | 
| RT_GROUP_CREATE_BASES | ou=groups,<subscriberDN> | <subscriberDN> | 
| RT_GROUP_SEARCH_BASES | <subscriberDN> | <subscriberDN> | 
| RT_GROUP_FILTER_OBJECT_CLASSES | "groupofuniquenames" | {"groupofuniquenames"} | 
| RT_GROUP_MEMBER_ATTRS | "uniquemember" | "uniquemember" | 
| RT_GROUP_SELECTED_CREATE_BASE | ou=groups,<subscriberDN> | <subscriberDN> | 
| RT_GROUP_GENERIC_SEARCH_BASE | <subscriberDN> | <subscriberDN> | 
| RT_SEARCH_TYPE | #config | #config | 
| ST_SUBSCRIBER_NAME | NULL | #config (namingcontexts) | 
| ST_USER_NAME_ATTR | uid | cn | 
| ST_USER_LOGIN_ATTR | uid | cn | 
| ST_GROUP_NAME_ATTR | cn | cn | 
| ST_MAX_SEARCHFILTER_LENGTH | 500 | 500 | 
| ST_BINARY_ATTRIBUTES | Choose a Binary Basic Attribute (BBA). See note below about BBAs. | Binary Basic Attribute (BBA) + {"guid"}. See note below about BBAs. | 
| ST_LOGGER_NAME | oracle.idm.userrole | oracle.idm.userrole | 
Notes:
The Basic Binary Attributes include: {"photo", "personalsignature", "audio", "jpegphoto", "javaserializeddata", "thumbnailphoto", "thumbnaillogo", "userpassword", "usercertificate", "cacertificate", "authorityrevocationlist", "certificaterevocationlist", "crosscertificatepair", "x500UniqueIdentifier"}
#config is extracted from the meta information present in the directory
#schema is extracted from the schema in the directory
Table D-6 lists the parameters for Oracle WebLogic Server LDAP.
Table D-6 Default Values - Oracle WebLogic Server LDAP
| Parameter | Oracle WebLogic Server Embedded LDAP | 
|---|---|
| RT_USER_OBJECT_CLASSES | {"inetorgperson", "person", "organizationalperson", "wlsUser"} | 
| RT_USER_MANDATORY_ATTRS | #schema | 
| RT_USER_CREATE_BASES | {"ou=people,<subscriberDN>"} | 
| RT_USER_SEARCH_BASES | {"ou=people,<subscriberDN>"} | 
| RT_USER_FILTER_OBJECT_CLASSES | {"inetorgperson", "wlsUser"} | 
| RT_USER_SELECTED_CREATE_BASE | ou=people,<subscriberDN> | 
| RT_GROUP_OBJECT_CLASSES | {"top","groupofuniquenames","groupOfURLs"} | 
| RT_GROUP_MANDATORY_ATTRS | #schema | 
| RT_GROUP_CREATE_BASES | {"ou=groups,<subscriberDN>"} | 
| RT_GROUP_SEARCH_BASES | {"ou=groups,<subscriberDN>"} | 
| RT_GROUP_FILTER_OBJECT_CLASSES | {"top","groupofuniquenames","groupOfURLs"} | 
| RT_GROUP_MEMBER_ATTRS | "uniquemember" | 
| RT_GROUP_SELECTED_CREATE_BASE | ou=groups,<subscriberDN> | 
| RT_GROUP_GENERIC_SEARCH_BASE | <subscriberDN> | 
| RT_SEARCH_TYPE | #config | 
| ST_SUBSCRIBER_NAME | #config (namingcontexts) | 
| ST_USER_NAME_ATTR | uid | 
| ST_USER_LOGIN_ATTR | uid | 
| ST_GROUP_NAME_ATTR | cn | 
| ST_MAX_SEARCHFILTER_LENGTH | 500 | 
| ST_BINARY_ATTRIBUTES | *(BBA) See note below about BBAs. | 
| ST_LOGGER_NAME | oracle.idm.userrole | 
Active Directory requires connections to be SSL-enabled when setting sensitive information like passwords. Therefore, operations like creating a user (which set the password) will not succeed if the connection is not SSL-enabled.
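The following added example (plain JNDI, not Oracle's code and not the User and Role API) shows a client-side guard for the Active Directory requirement above: it refuses to prepare a password attribute unless the connection settings are SSL-enabled, including the case where one failover URL in the provider list is plain `ldap://`. The class and method names are hypothetical, and the host names and password are constructed sample values.

```java
import java.nio.charset.StandardCharsets;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttributes;

public class AdPasswordGuard {
    // True only if the JNDI SSL flag is set, or every URL in the
    // space-separated provider list uses ldaps://. StartTLS is not covered.
    static boolean isSslEnabled(Hashtable<String, Object> env) {
        if ("ssl".equals(env.get(Context.SECURITY_PROTOCOL))) return true;
        Object urls = env.get(Context.PROVIDER_URL);
        if (urls == null || urls.toString().trim().isEmpty()) return false;
        for (String url : urls.toString().trim().split("\\s+")) {
            if (!url.toLowerCase().startsWith("ldaps://")) return false;
        }
        return true;
    }

    // Active Directory expects unicodePwd as the double-quoted password in UTF-16LE.
    static byte[] encodeUnicodePwd(String password) {
        return ("\"" + password + "\"").getBytes(StandardCharsets.UTF_16LE);
    }

    // Builds the attributes for a new AD user; fails before encoding the password on a cleartext link.
    static Attributes newUserAttributes(Hashtable<String, Object> env, String login, String password) {
        if (!isSslEnabled(env)) {
            throw new IllegalStateException("connection is not SSL-enabled; password not set");
        }
        Attributes attrs = new BasicAttributes(true);
        attrs.put("objectClass", "user");     // RT_USER_OBJECT_CLASSES default for AD
        attrs.put("sAMAccountName", login);   // ST_USER_LOGIN_ATTR default for AD
        attrs.put("unicodePwd", encodeUnicodePwd(password)); // binary attribute for AD
        return attrs;
    }

    public static void main(String[] args) {
        Hashtable<String, Object> env = new Hashtable<>();
        // Constructed sample: one failover URL is plain ldap://, so the guard must refuse.
        env.put(Context.PROVIDER_URL, "ldaps://dc1.example.com:636 ldap://dc2.example.com:389");
        try {
            newUserAttributes(env, "jdoe", "Constructed-Pw-1");
        } catch (IllegalStateException e) {
            System.out.println("blocked: " + e.getMessage());
        }
        env.put(Context.PROVIDER_URL, "ldaps://dc1.example.com:636");
        System.out.println("prepared: " + newUserAttributes(env, "jdoe", "Constructed-Pw-1").size());
    }
}
```

The returned attributes would be passed to `DirContext.createSubcontext(dn, attrs)` on a context opened with the same environment.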